| Commit message | Author | Age | Files | Lines |
|
This simply verifies that we forward unix fds only on connections that
support it. We will return an error if a client attempts to send a
message with unix fds to another client that cannot do it.
|
in one piece right now
|
This makes all counters count both bytes of memory and unix fds.
|
glibc knows three bswap_{16|32|64}() calls that internally make use of a
gcc extension to implement faster byteswapping. We should make use of it
if we can.
|
Newer gccs and intel ccs support a __sync extension for making use of
atomic operations. This patch replaces the handcrafted x86 atomic
operation support with usage of __sync.

__sync is supported by more processors and by more compilers than the
old assembler code. Also, this extension has been available on gcc for
quite a while now for x86, so replacing the old assembler code should
only be a loss when very old compilers are used.
|
This adds two new directives to the auth protocol:

NEGOTIATE_UNIX_FD is sent by the client after the authentication was
successful, i.e. OK was received.

AGREE_UNIX_FD is then sent by the server if it can do unix fd passing as
well.

ERROR is returned when the server cannot or is unwilling to do unix fd
passing.

This should be compatible with existing D-Bus implementations which will
naturally return ERROR on NEGOTIATE_UNIX_FD.
|
Since all socket users enable FD_CLOEXEC anyway we can just do that in
_dbus_open_socket() and be done with it for all cases. By side effect
this allows us to use SOCK_CLOEXEC and hence close the CLOEXEC race.
|
This should fix another CLOEXEC race.
|
Instead of having everyone define _GNU_SOURCE and similar macros
separately, simply do so centrally by using AC_USE_SYSTEM_EXTENSIONS
|
All users of full duplex pipes enable FD_CLOEXEC later anyway so let's
just do it as part of _dbus_full_duplex_pipe. By side effect this allows
to make use of SOCK_CLOEXEC which fixes a race when forking/execing from
a different thread at the same time as we are in this function.
|
do it
Not all of the send function flavours allow returning proper error
codes. For the cases where this is not easily possible the client should
call dbus_connection_can_send_type() first.
|
This is just a wrapper around _dbus_transport_can_pass_unix_fd() however
it is more generic.
The reason for keeping this generic is to ease later addition of more
types without having to add a new API for that.
|
When appending unix fds to the message a new entry in the fd array will
be allocated and the index to it will be written to the message payload.
When parsing unix fds from the message the index will be read from the
payload and then looked up in the fd array.

When we read fds we put them in a queue first. Since each message knows
how many fds are attached to it we will then pop enough fds from this
queue each time we decode a message from the stream.

This should make sending and receiving more portable since we don't make
any strong requirements on the exact semantics of the SCM_RIGHTS
implementation: as long as fds are received in order, none are lost and
they arrive at the same time as at least one byte from the actual message
data we should be able to handle them correctly.
|
This is actually pretty boring since we store our fds as indexes that
are stored as uint32_t's.
|
We introduce a new type code for the unix fds. The data stored in unix
fd fields will be an integer index into the array of fds that are
attached to a specific message. We also introduce a new header field
that stores how many fds belong to the message. And finally we introduce
a new error for messages where the payload and the meta data (i.e. unix
fds read for it) don't match up.
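
An added illustration of the scheme these commit messages describe, not code from D-Bus: the fd travels as SCM_RIGHTS ancillary data, the payload carries only an index into the message's fd array, and the receiver rejects a payload whose index has no matching fd. The names `send_with_fd`, `recv_with_fd` and `ctl_t` are hypothetical; `MSG_NOSIGNAL` and `MSG_CMSG_CLOEXEC` are the Linux flags, and a single fd per message is assumed.

```c
/* Added example (not D-Bus code): one fd travels as SCM_RIGHTS ancillary data;
 * the payload carries only its index into the message's fd array. */
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>
typedef union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } ctl_t;

/* Send a 4-byte payload (fd index 0) with `fd` attached. 0 on success. */
static int send_with_fd(int sock, int fd) {
    uint32_t index = 0;
    struct iovec iov = { &index, sizeof index };
    ctl_t u; struct msghdr m;
    memset(&u, 0, sizeof u); memset(&m, 0, sizeof m);
    m.msg_iov = &iov; m.msg_iovlen = 1;
    m.msg_control = u.buf; m.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &m, MSG_NOSIGNAL) == (ssize_t)sizeof index ? 0 : -1;
}

/* Read the payload, collect attached fds, then resolve the index.
 * Returns the fd, or -1 when payload and received fds do not match up. */
static int recv_with_fd(int sock) {
    uint32_t index = UINT32_MAX;
    int fds[1] = { -1 }, nfds = 0;
    struct iovec iov = { &index, sizeof index };
    ctl_t u; struct msghdr m;
    memset(&m, 0, sizeof m);
    m.msg_iov = &iov; m.msg_iovlen = 1;
    m.msg_control = u.buf; m.msg_controllen = sizeof u.buf;
    if (recvmsg(sock, &m, MSG_CMSG_CLOEXEC) != (ssize_t)sizeof index) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&m); c; c = CMSG_NXTHDR(&m, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS && nfds < 1)
            memcpy(&fds[nfds++], CMSG_DATA(c), sizeof(int));
    if (index >= (uint32_t)nfds) {   /* index points past what arrived */
        while (nfds > 0) close(fds[--nfds]);
        return -1;
    }
    return fds[index];
}

int main(void) {
    int sp[2], p[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || pipe(p)) return 1;
    return send_with_fd(sp[0], p[1]) == 0 && recv_with_fd(sp[1]) >= 0 ? 0 : 1;
}
```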
|
This introduces three new functions:

_dbus_read_socket_with_unix_fds
_dbus_write_socket_with_unix_fds
_dbus_read_socket_with_unix_fds_two

These work exactly like their counterpart sans 'with_unix_fds' except
that they also send/receive file descriptors along with the actual
payload data.
|
This function can be used to check if a socket can be used to pass file
descriptors. On platforms that don't support this at all this is
hardcoded to return FALSE.
|
This is a simple wrapper around dup()-like functionality.
Also handles CLOEXEC and makes sure we don't interfere with the standard
I/O file descriptors 0, 1 and 2.
|
If we can use MSG_NOSIGNAL we don't have to play games with SIGPIPE
|
On Linux send()/sendmsg() know the special flag MSG_NOSIGNAL which if
set makes sure that no SIGPIPE signal is raised when we write to a
socket that has been disconnected.
By using this flag we don't have to play games with SIGPIPE which is
pretty ugly stuff since it touches the global process context.
|
Due to some unknown reasons the dbus_new() macros had a semicolon at the
end which makes it impossible to use them in some situations.
|
These header files include config.h explicitly anyway. These checks are
hence pointless.
Of course one could argue that including config.h from header files
sucks, but D-Bus generally seems not to have a problem with that, so
let's unify this.
|
Conflicts:
bus/bus.c
bus/config-parser-common.c
bus/config-parser-common.h
bus/config-parser.c
bus/connection.c
bus/dbus-daemon.1.in
dbus/dbus-marshal-validate-util.c
dbus/dbus-marshal-validate.c
dbus/dbus-sysdeps-util-unix.c
test/name-test/tmp-session-like-system.conf
|
* dbus/dbus-marshal-validate.c: If an array is fixed size,
skip validation
Signed-off-by: Colin Walters <walters@verbum.org>
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
|
We need to start logging denials so that they become more easily trackable
and debuggable.
|
* dbus/dbus-marshal-recursive.c: A stray comma
between two string literals caused incorrect
output and a compiler warning.
Signed-off-by: Colin Walters <walters@verbum.org>
|
* dbus/dbus-credentials.h: Add a prototype for
_dbus_credentials_add_adt_audit_data()
Signed-off-by: Colin Walters <walters@verbum.org>
|
* dbus/dbus-marshal-validate.c: Ensure we validate
a basic type before calling is_basic on it.
* dbus-marshal-validate-util.c: Test.
|
* dbus/dbus-sysdeps-unix.c:
* dbus/dbus-sysdeps-util-unix.c: Cast return
from sysconf temporarily so we actually see
-1.
Signed-off-by: Colin Walters <walters@verbum.org>
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
Dbus is doing atomic file updates by copying them, changing
the copy, and re-naming them. However, it does not synchronize
the file before re-naming, which results in corruption in
case of unclean reboots. The reason for this is that file-systems
have write-back cache and they postpone writing data to the media.
This patch adds the missed fsync() for the Unix part. I do
not have windows so cannot provide a windows port fix.
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Colin Walters <walters@verbum.org>
|
Signed-off-by: Federico Mena Quintero <federico@novell.com>
|
Signed-off-by: Federico Mena Quintero <federico@novell.com>
|
Some projects want to reuse the DBus message format, without
actually going through a DBusConnection. This set of changes
makes a few functions from DBusMessage public, and adds a new
function to determine the number of bytes needed to demarshal
a message.
Signed-off-by: Colin Walters <walters@verbum.org>
|
This patch makes various things that should be static static,
corrects some "return FALSE" where it should be NULL, etc.
Signed-off-by: Colin Walters <walters@verbum.org>
|
The previous commit had errors in both the test case and
the validation logic. The test case was missing a trailing
comma before the previous one, so we weren't testing the
signature we thought we were.
The validation logic was wrong because if the type was not valid,
we'd drop through the entire if clause, and thus skip returning
an error code, and accept the signature.
|
We were incorrectly converting the serial to a signed integer
and comparing it to -1.
Signed-off-by: Colin Walters <walters@verbum.org>
|
We can't safely type-pun from e.g. char * to DBusBasicValue *, because
the latter has higher alignment requirements. Instead, create an
explicit pointer for each case.
Also, we mark each one volatile to sidestep strict aliasing issues, for
the future when we turn on strict aliasing support.
Original patch and review from Jay Estabrook <jay.estabrook@hp.com>.
|
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
|
We need to start logging denials so that they become more easily trackable
and debuggable.
|
* dbus/dbus-marshal-validate.c: If an array is fixed size,
skip validation
Signed-off-by: Colin Walters <walters@verbum.org>
|